Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] Offline Backups for Ransomware Protection
From: Kevin Cleary <kpcleary () BUFFALO EDU>
Date: Thu, 26 Aug 2021 16:05:10 +0000
I'll jump on with the "immutable" band wagon here. We chose to go the immutable approach as this was almost as good as air-gapped (or offline) backups but much simpler and quicker to manage and leverage during a mass-restore scenario. Through a combination of disk-based virtual tape libraries and immutable backups we found the best balance of RPO, RTO, cost and data security. We looked at the cloud storage route also but ultimately decided against this for the same RTO reasons. Under a mass restore scenario, it would take quite a while to get all of our data out. I'm also pretty sure it would cost a pretty penny as many of the cloud storage offerings are metered/charged based on data flow in and out. I've also heard, anecdotally, that Amazon is running short on snowball devices right now given the uptick in ransomware attacks and customers needs a fast cheap way to get their data back. -- Kevin Cleary, CISSP Interim Information Security Officer Manager, Systems Software University at Buffalo Information Technology 305 Computing Center Buffalo NY 14260-1407 Phone: 716-645-4767 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Frank Barton Sent: Thursday, August 26, 2021 11:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL] Re: [SECURITY] Offline Backups for Ransomware Protection We looked at the ongoing cost of cloud storage, and ended up going much more old-school... LTO tapes... Once they're out of the tape robot, they are truely Air-Gapped Frank On Thu, Aug 26, 2021 at 11:40 AM Blake Brown <Blake.Brown () mhcc edu <mailto:Blake.Brown () mhcc edu> > wrote: Concur as well with using Veeam/AWS and/or Azure for offline storage. We are re-designing our entire backup infrastructure and will be deploying this model using Pure Storage Safemode and Veeam's immutable technologies to AWS. Just cannot happen quickly enough for me with all the risk out there! https://community.veeam.com/blogs-and-podcasts-57/3-2-1-1-0-golden-backup-ru le-569 <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity .veeam.com%2Fblogs-and-podcasts-57%2F3-2-1-1-0-golden-backup-rule-569&data=0 4%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd108d968a9d1ab%7C96464a8 af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011476041%7CUnknown%7CTWFpbGZsb 3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000 &sdata=6YjtMC17Z6b%2FrLJbeQ0t0crnWgO7iiNlRlZY4lRlSp4%3D&reserved=0> https://www.veeam.com/blog/v11-immutable-backup-storage.html <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.veeam .com%2Fblog%2Fv11-immutable-backup-storage.html&data=04%7C01%7Ckpcleary%40bu ffalo.edu%7C7710679d5f23422edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20 250%7C0%7C0%7C637655901011486039%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=r93vKhJE%2F0Iw3 jbIGf1eS3Dgug1Cn2b6wacJAYVWxL8%3D&reserved=0> https://blog.purestorage.com/products/protect-your-data-from-ransomware-with -safemode-snapshots/ <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.pure storage.com%2Fproducts%2Fprotect-your-data-from-ransomware-with-safemode-sna pshots%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd108d968 a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011486039%7CUnk nown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV CI6Mn0%3D%7C2000&sdata=ht2whnDmIOserWBQsO%2BT0n7vq%2BCGB2xDdZHlOP8SXWs%3D&re served=0> Blake Brown Infrastructure Manager _____ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > on behalf of Shane Kroening <skroening () QUALYS COM <mailto:skroening () QUALYS COM>
Sent: Thursday, August 26, 2021 8:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > Subject: Re: [SECURITY] Offline Backups for Ransomware Protection External Email Jeremy, I would echo John in using VEEAM and making sure your backups are digitally air-gapped from your network so in the event of a compromise or data loss it will not impact your backups. I've seen a lot of success using VEEAM alongside Azure for storage and I'm sure AWS or GCP could be viable options as well. Please feel free to reach out if you'd like more details. Best, Shane Kroening <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linke din.com%2Fcompany%2Fqualys&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5 f23422edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6376559 01011496030%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=ytIsl4EN62t%2FSF5C50%2FqNak31nHYBi86 fOk7DMJxEWI%3D&reserved=0> Technical Account Manager, Pre-Sales, Central (SLED) skroening () qualys com <mailto:skroening () qualys com> 414.791.5674 Qualys, Inc. - <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fqualys.co m%2Fblog&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd108d968a 9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011496030%7CUnkn own%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC I6Mn0%3D%7C2000&sdata=faood%2Bb1doiagrg1fPKSQT0gZFAOPqvKfyrAuRlfzhs%3D&reser ved=0> Blog | <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity .qualys.com%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd10 8d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011506023% 7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi LCJXVCI6Mn0%3D%7C2000&sdata=%2FXx1BaaERS3jbtLnscgQ0Pzwa57fUIEnGhkYTq4hjjo%3D &reserved=0> Community | <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.c om%2Fqualys&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd108d9 68a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011506023%7CU nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJ XVCI6Mn0%3D%7C2000&sdata=OiMWRIpEpPVMJ5W8JCEO%2BDM7jQDMvoEHoNUViATe6Ss%3D&re served=0> Twitter Schedule a Call <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.o ffice365.com%2Fowa%2Fcalendar%2FShaneKroening%40qualys.onmicrosoft.com%2Fboo kings%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd108d968a 9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011516021%7CUnkn own%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC I6Mn0%3D%7C2000&sdata=ZCYgvluzjF%2Bz6lvVJystN8MuniwQxnpuL9TLIeMv3BA%3D&reser ved=0> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > on behalf of John Ramsey <jramsey () STUDENTCLEARINGHOUSE ORG <mailto:jramsey () STUDENTCLEARINGHOUSE ORG> > Date: Thursday, August 26, 2021 at 9:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > Subject: Re: [SECURITY] Offline Backups for Ransomware Protection We're using a combination of AWS and VEEAM. Attached is a really good two pager on back up strategies as a best practice, it's worth a quick read if you have a second. I think the interesting stat that is out there from Net Diligence states " Keep offline copies. Keep offline backups of your vital data to avoid the accidental spread of malware from publicly connected infected computers. Make sure your external storage drives or cloud backups are properly disconnected from your main corporate network to prevent backups from being accessed/infected by the spread of ransomware. Cybersecurity experts have posited that in up to 80 percent of incidents, certain types of ransomware impacted both regular network/devices and the backups. Timely recovery following a successful ransomware attack is significantly impacted by the efficacy of backup and backup segregation practices. John John Ramsey, Chief Information Security Officer National Student Clearinghouse Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT 2300 Dulles Station Blvd., Suite 220 Herndon, VA 20171 703.742.4428 | <https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.studen tclearinghouse.org%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f2342 2edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011 516021%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6I k1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=95F9%2BSinuuGu%2BficjGfmRkrDKxWLAreD7k%2F wUmUq4TY%3D&reserved=0> studentclearinghouse.org <https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linked in.com%2Fcompany%2Fnational-student-clearinghouse&data=04%7C01%7Ckpcleary%40 buffalo.edu%7C7710679d5f23422edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a 20250%7C0%7C0%7C637655901011526013%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=2EpqmXXg4bI7j ENzqQtowsiZ8FKvW6LvkKZGx1rxF%2B4%3D&reserved=0> LinkedIn | <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.c om%2Fnsclearinghouse&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422 edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6376559010115 26013%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik 1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=V5fy3Snz4n62%2BjBisoQPlxF09zDDfaGxDNAqaY2P 6o4%3D&reserved=0> Twitter | <https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebo ok.com%2FNSClearinghouse&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f2 3422edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901 011536005%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTi I6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=RlkgNTJjuNfQBIEhBqe1jTOcyUaT464Vlf3C6h pwnCw%3D&reserved=0> Facebook | <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.stude ntclearinghouse.org%2Fnscblog%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C771 0679d5f23422edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6 37655901011536005%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMz IiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=FpFOEnTZKjVxu2PExh1ynVRcC%2F%2 B5vE6cRQOA0toERNI%3D&reserved=0> Blog | <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.insta gram.com%2FNSClearinghouse%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C771067 9d5f23422edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6376 55901011546006%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3lIayZve0HJpWKVHh17sFtPVgn8Mlr62E tPuDyqjs18%3D&reserved=0> Instagram Serving Education Since 1993 This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain confidential or privileged information. If you receive this message in error, please contact the sender and delete all copies. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > On Behalf Of Pelegrin, Jeremy J Sent: Thursday, August 26, 2021 10:42 AM To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Offline Backups for Ransomware Protection EXTERNAL MESSAGE All, As we work to improve our ransomware posture, what are others doing for offline backups for recovery? Is it a subset of systems/data only? What technologies are being used? Happy to discuss offline if preferred. All the best, Jeremy Jeremy Pelegrin, MBA (He/him/his) Interim CISO | Information Technology Tulane University | 504-988-8548 (o) | 504-444-3536 (c) <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fts.tulane .edu%2F&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422edfd108d968a9 d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C637655901011546006%7CUnkno wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI 6Mn0%3D%7C2000&sdata=41ccWQhWQ7nRWMDq80EkffSc5NtXv5uGPvg6SgjZX4Q%3D&reserved =0> Collaborate | Innovate | Deliver ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa use.edu%2Fcommunity&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422e dfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63765590101154 6006%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1 haWwiLCJXVCI6Mn0%3D%7C2000&sdata=o0cS0w9iWRqAFI25p4KyqZfZAJC62v3AKWwYC3f6gWw %3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa use.edu%2Fcommunity&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422e dfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63765590101155 5998%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1 haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3rEGFKBjDEFOzyxi03XIn2Ulimc31PQLHu0oxzgUgjs %3D&reserved=0> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.qualy s.com%2Femail-banner&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422 edfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C6376559010115 55998%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik 1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=6wCzI%2BEeOCs8mZm1PW18%2BWekTZLw5u7d2Pq%2F Kl5AXPM%3D&reserved=0> This message may contain confidential and privileged information. If it has been sent to you in error, please reply to advise the sender of the error and then immediately delete it. If you are not the intended recipient, do not read, copy, disclose or otherwise use this message. The sender disclaims any liability for such unauthorized use. NOTE that all incoming emails sent to Qualys email accounts will be archived and may be scanned by us and/or by external service providers to detect and prevent threats to our systems, investigate illegal or inappropriate behavior, and/or eliminate unsolicited promotional emails ("spam"). If you have any concerns about this process, please contact us. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa use.edu%2Fcommunity&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422e dfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63765590101156 5991%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1 haWwiLCJXVCI6Mn0%3D%7C2000&sdata=LD%2BYWdjizrA7eLESSBT4tw5w6jhyWOP93cWU9imUf G0%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa use.edu%2Fcommunity&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422e dfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63765590101156 5991%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1 haWwiLCJXVCI6Mn0%3D%7C2000&sdata=LD%2BYWdjizrA7eLESSBT4tw5w6jhyWOP93cWU9imUf G0%3D&reserved=0> -- Frank Barton, MBA Security+, ACMT, MCP IT Systems & InfoSec Administrator Husson University PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437 (He/Him/His) ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educa use.edu%2Fcommunity&data=04%7C01%7Ckpcleary%40buffalo.edu%7C7710679d5f23422e dfd108d968a9d1ab%7C96464a8af8ed40b199e25f6b50a20250%7C0%7C0%7C63765590101157 5989%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1 haWwiLCJXVCI6Mn0%3D%7C2000&sdata=8TbC2htlJBnI0M9ykqXyMHSo2pSHTLwxg1X%2FuV1oz zA%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
smime.p7s
Description:
Current thread:
- Offline Backups for Ransomware Protection Pelegrin, Jeremy J (Aug 26)
- Re: Offline Backups for Ransomware Protection John Ramsey (Aug 26)
- Re: Offline Backups for Ransomware Protection Shane Kroening (Aug 26)
- Re: Offline Backups for Ransomware Protection Blake Brown (Aug 26)
- Re: Offline Backups for Ransomware Protection Frank Barton (Aug 26)
- Re: [EXTERNAL] Re: [SECURITY] Offline Backups for Ransomware Protection Kevin Cleary (Aug 26)
- Re: [EXTERNAL] Re: [SECURITY] Offline Backups for Ransomware Protection Blake Brown (Aug 26)
- Re: Offline Backups for Ransomware Protection Shane Kroening (Aug 26)
- Re: Offline Backups for Ransomware Protection John Ramsey (Aug 26)
- Re: [EXTERNAL]Re: [SECURITY] Offline Backups for Ransomware Protection Holley, Brian (Aug 26)
- Re: [EXTERNAL]Re: [SECURITY] Offline Backups for Ransomware Protection McCain, Alan (Sep 20)